An integer underflow in calculating the maximum size of a buffer allows for a far too large maximum, and ultimately for the data being uncompressed to overflow the allocated buffer.
Kinda a cool bug dealing with an improper optimization and the usage of an unexpected object from JS, leading to an out-of-bounds access.
Honestly, this is a simple bug: a React website with source maps, so it was easy to find the API endpoints the application calls. Upon examination, one of them did not require any authentication: the event stream publishing events from the cameras in a redacted telecommunications company office…
This one starts off with a fun mass-assignment issue. Early on in the processing chain of an HTTP request to CrushFTP’s web interface, it will parse all the HTTP headers into a Java Properties object…
This vulnerability impacts Kubernetes setups using NGINX as the ingress controller via ingress-nginx. At first I wanted to blame this one on block-listing where they should have used an allow-list, but it’s not quite that; it is basically just a missed edge case that allows for code execution.
One vulnerability is a use-after-free in the Linux nftables subsystem, exploitable on the three kernelCTF targets: the latest Long-term Stable (LTS) release, the Container-Optimized build as used by Google Cloud, and a Mitigation build that isn’t as up-to-date but includes experimental mitigations to be bypassed.
A very powerful bug in the io_uring driver of the Linux kernel. In this case, the vulnerability is in the handling of registering fixed buffers via the IORING_REGISTER_BUFFERS opcode, which allows an application to ‘pin’ and register memory for long-term use, which includes making it exempt from paging mechanics…
Not something we usually end up covering, but a chrome:// page XSS, and escaping the browser sandbox with an extension.
There is a lot going on in this post. The novel aspects are a few Mark-of-the-Web (MotW) bypasses, which were found while exploring an in-the-wild exploit chain that is also covered here.
Just another large language model prompt injection attack. In this case they found the chat system rendered markdown output, so they would inject a prompt to cause the AI to respond with a markdown image whose source URL included a parameter with a dump of the chat log…